Identity Manager 9.3 - Authorization and Authentication Guide

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials	Identity's central user account and password.
Prerequisites	The identity exists in the One Identity Manager database. The central user account is entered in the identity main data. The system user password is entered in the identity main data. The identity is assigned at least one application role.
Set as default	Yes
Single sign-on	No
Front-end login allowed	Yes
Web Portal login allowed	Yes
Remarks	If an identity has a main identity or several subidentities, the QER \| Person \| MasterIdentity \| UseMasterForAuthentication configuration parameter controls which identity is used for authentication. If this configuration parameter is set, the identity’s main identity is used for authentication. If this configuration parameter is not set, the identity’s subidentity is used for authentication. NOTE: Identities that are classified as a security risk are no longer be able to log in to One Identity Manager. To allow login, set the QER \| Person \| AllowLoginWithSecurityIncident configuration parameter. A dynamic system user is determined from the identity's application roles. The user interface and the permissions are loaded through this system user. Changes to the data are assigned to the logged in identity.

Identity (dynamic)

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials	Identity's central user account and password.
Prerequisites	The identity exists in the One Identity Manager database. The central user account is entered in the identity main data. The system user password is entered in the identity main data. The configuration data for dynamically determining the system user is defined in the application. Thus, an identity can, for example, be assigned a system user dynamically depending on their department membership.
Set as default	Yes
Single sign-on	No
Front-end login allowed	Yes
Web Portal login allowed	Yes
Remarks	If an identity has a main identity or several subidentities, the QER \| Person \| MasterIdentity \| UseMasterForAuthentication configuration parameter controls which identity is used for authentication. If this configuration parameter is set, the identity’s main identity is used for authentication. If this configuration parameter is not set, the identity’s subidentity is used for authentication. NOTE: Identities that are classified as a security risk are no longer be able to log in to One Identity Manager. To allow login, set the QER \| Person \| AllowLoginWithSecurityIncident configuration parameter. The application configuration data is used to find a system user, which is automatically assigned to the identity. The user interface and permissions are loaded through the system user that is dynamically assigned to the logged in identity. Changes to the data are assigned to the logged in identity.

User account

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials	The authentication module uses the Active Directory login data of the user currently logged in on the workstation.
Prerequisites	The system user with permissions exists in the One Identity Manager database. The identity exists in the One Identity Manager database. Permitted logins are entered in the identity main data. The logins are expected in the form: domain\user. The system user is entered in the identity's main data.
Set as default	No
Single sign-on	Yes
Front-end login allowed	Yes
Web Portal login allowed	Yes
Remarks	All identity logins saved in the One Identity Manager database are found. The identity whose login data matches that of the current user is used for logging in. If an identity has a main identity or several subidentities, the QER \| Person \| MasterIdentity \| UseMasterForAuthentication configuration parameter controls which identity is used for authentication. If this configuration parameter is set, the identity’s main identity is used for authentication. If this configuration parameter is not set, the identity’s subidentity is used for authentication. NOTE: Identities that are classified as a security risk are no longer be able to log in to One Identity Manager. To allow login, set the QER \| Person \| AllowLoginWithSecurityIncident configuration parameter. The user interface and permissions are loaded through the system user that is directly assigned to the identity found. Data modifications are attributed to the current user account.

User account (role-based)

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials	The authentication module uses the Active Directory login data of the user currently logged in on the workstation.
Prerequisites	The identity exists in the One Identity Manager database. Permitted logins are entered in the identity main data. The logins are expected in the form: domain\user. The identity is assigned at least one application role.
Set as default	No
Single sign-on	Yes
Front-end login allowed	Yes
Web Portal login allowed	Yes
Remarks	All identity logins saved in the One Identity Manager database are found. The identity whose login data matches that of the current user is used for logging in. If an identity has a main identity or several subidentities, the QER \| Person \| MasterIdentity \| UseMasterForAuthentication configuration parameter controls which identity is used for authentication. If this configuration parameter is set, the identity’s main identity is used for authentication. If this configuration parameter is not set, the identity’s subidentity is used for authentication. NOTE: Identities that are classified as a security risk are no longer be able to log in to One Identity Manager. To allow login, set the QER \| Person \| AllowLoginWithSecurityIncident configuration parameter. A dynamic system user is determined from the identity's application roles. The user interface and the permissions are loaded through this system user. Data modifications are attributed to the current user account.